[3.1.1] Update Munge docs.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1804 48356398-32a2-884e-a903-53898d9a118a

library/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt

@@ -27,6 +27,12 @@ DEFAULT: NULL
         in corporate environments.
     </li>
 </ul>
+<p>
+    Prior to HTML Purifier 3.1.1, this directive also enabled the munging
+    of browsable external resources, which could break things if your redirection
+    script was a splash page or used <code>meta</code> tags. To revert to
+    previous behavior, please use %URI.MungeResources.
+</p>
 <p>
     You may want to also use %URI.MungeSecretKey along with this directive
     in order to enforce what URIs your redirector script allows. Open

library/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt

@@ -4,9 +4,13 @@ VERSION: 3.1.1
 DEFAULT: false
 --DESCRIPTION--
 <p>
-    If true, any URI munging directives like %URI.Munge or %URI.SecureMunge
+    If true, any URI munging directives like %URI.Munge
     will also apply to embedded resources, such as <code>&lt;img src=""&gt;</code>.
     Be careful enabling this directive if you have a redirector script
     that does not use the <code>Location</code> HTTP header; all of your images
     and other embedded resources will break.
-</ul>
+</p>
+<p>
+    <strong>Warning:</strong> It is strongly advised you use this in conjunction
+    %URI.MungeSecretKey to mitigate the security risk of an open redirector.
+</p>